Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0d83ef8c by Salvatore Bonaccorso at 2025-06-20T00:19:17+02:00
Add references for CVE-2025-6019
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1922,8 +1922,10 @@ CVE-2025-6019 (A Local Privilege Escalation (LPE)
vulnerability was found in lib
- libblockdev 3.3.0-2.1
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
NOTE: https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
+ NOTE: Fixed by:
https://github.com/storaged-project/libblockdev/commit/46b54414f66e965e3c37f8f51e621f96258ae22e
(3.3.1)
NOTE: As hardening measure udisks2 (in unstable since 2.10.1-12.1)
NOTE: will enforce that private mounts are mounted with 'nodev,nosuid'.
+ NOTE:
https://github.com/storaged-project/udisks/commit/5e7277debea926370e587408517560afe87d28c9
CVE-2025-6018 [LPE from unprivileged to allow_active in SUSE 15's PAM]
- pam <not-affected> (SUSE specific issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d83ef8ce2bad30b5c811f00962514befd8e9245
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d83ef8ce2bad30b5c811f00962514befd8e9245
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
